From e3c3e4cd5047ab67c2a33a96b17d2565797b21cf Mon Sep 17 00:00:00 2001 
From: Nicolas Cantu Date: Tue, 23 Sep 2025 07:07:43 +0000 Subject: [PATCH] align for IA agents + grafana --- .env.master | 135 +----- ...2_115628 => .env.master.bak_20250922162513 | 69 +-- ...2_121003 => .env.master.bak_20250922162546 | 63 +-- CHANGELOG.md | 2 +- README.md | 2 - blindbit/Dockerfile | 2 + .../grafana/dashboards/lecoffre-overview.json | 12 - conf/grafana/dashboards/sdk-services.json | 25 -- .../grafana/dashboards/services-overview.json | 12 - conf/logrotate/lecoffre-back.conf | 3 - conf/logrotate/sdk_signer.conf | 13 - conf/monitoring.conf | 2 +- conf/nginx/dev4.4nkweb.com-https.conf | 55 +-- conf/nginx/dev4.4nkweb.com.conf | 10 - conf/nginx/local.4nkweb.com-3000.conf | 64 --- conf/nginx/local.4nkweb.com.conf | 9 - conf/nginx/local.lecoffreio.4nkweb-3000.conf | 55 --- conf/nginx/local.lecoffreio.4nkweb.conf | 48 --- conf/nginx/nginx.conf | 47 -- conf/promtail/promtail.yml | 10 - docker-compose.yml.backup | 403 ------------------ scripts/README.md | 1 - scripts/backup-data.sh | 13 +- scripts/build-project.sh | 2 - scripts/collect-logs.sh | 1 - scripts/deploy-grafana.sh | 2 +- scripts/healthchecks/sdk-signer-progress.sh | 18 - scripts/restore-data.sh | 1 - scripts/setup-logs.sh | 8 +- scripts/start.sh | 17 - scripts/sync-monitoring-config.sh | 6 +- scripts/test-dashboards.sh | 2 +- scripts/update-healthchecks.sh | 5 - scripts/validate-deployment.sh | 2 - tests/smoke_dev4.md | 2 - tests/smoke_local_http.md | 14 - web/status/api.js | 1 - web/status/api.py | 10 - web/status/working-api.js | 1 - 39 files changed, 78 insertions(+), 1069 deletions(-) rename .env.master.bak_20250922_115628 => .env.master.bak_20250922162513 (67%) rename .env.master.bak_20250922_121003 => .env.master.bak_20250922162546 (67%) delete mode 100644 conf/logrotate/lecoffre-back.conf delete mode 100644 conf/logrotate/sdk_signer.conf delete mode 100644 conf/nginx/local.4nkweb.com-3000.conf delete mode 100644 conf/nginx/local.4nkweb.com.conf delete mode 100644 
conf/nginx/local.lecoffreio.4nkweb-3000.conf delete mode 100644 conf/nginx/local.lecoffreio.4nkweb.conf delete mode 100644 docker-compose.yml.backup delete mode 100644 tests/smoke_local_http.md diff --git a/.env.master b/.env.master index c9b59be..eeebf40 100644 --- a/.env.master +++ b/.env.master 
@@ -1,129 +1,24 @@ -# DOMAIN -DOMAIN=dev4.4nkweb.com -BOOTSTRAP_DOMAIN=dev3.4nkweb.com -LOCAL_DOMAIN=lecoffreio.4nkweb.com -LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com - -# GIT -GITEA_BASE_URL=git.4nkweb.com -GIT_TOKEN=8cde80690a5ffd737536d82a1ab16a765d5105df -GITEA_OWNER="nicolas.cantu,Omar" -GITEA_RUNNER_NAME=debian-runner - -# Variables d'environnement pour l'application back-end +# Frontend runtime +NODE_OPTIONS=--max-old-space-size=4096 NODE_ENV=production -RUST_LOG=DEBUG -NODE_OPTIONS=--max-old-space-size=2048 -# Configuration IDNOT -IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire -IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}/authorized-client -IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1 -IDNOT_API_BASE_URL=https://qual-api.notaires.fr - -# Configuration serveur -APP_HOST=dev4.4nkweb.com -API_BASE_URL=https://${DOMAIN}/back -DEFAULT_STORAGE=https://${DOMAIN}/storage - -# Variables d'environnement pour l'application front-end -NEXT_PUBLIC_4NK_URL=https://${DOMAIN} +# Public URLs +NEXT_PUBLIC_4NK_IFRAME_URL=https://dev4.4nkweb.com +NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre -NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr -NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 + +# Backend API (via dev4 Nginx proxying to dev3) NEXT_PUBLIC_BACK_API_PROTOCOL=https -NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_DOMAIN} +NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com NEXT_PUBLIC_BACK_API_PORT=443 NEXT_PUBLIC_BACK_API_ROOT_URL=/api NEXT_PUBLIC_BACK_API_VERSION=v1 -NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client -NEXT_PUBLIC_TARGET_ORIGIN=https://${DOMAIN}/lecoffre -NEXT_PUBLIC_4NK_IFRAME_URL=https://${DOMAIN} -NEXT_PUBLIC_IDNOT_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client -NEXT_PUBLIC_DOCAPOSTE_API_URL= -NEXT_PUBLIC_API_URL=https://${DOMAIN}/api 
-NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99 -NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://${DOMAIN}/storage -# WS -RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/ +# IdNot +NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr +NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/ +# NEXT_PUBLIC_IDNOT_CLIENT_ID is expected to be set in image/secrets +NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client -# SIGNER -SIGNER_WS_URL=ws://${BOOTSTRAP_DOMAIN}:9090 -SIGNER_BASE_URL=https://${BOOTSTRAP_DOMAIN} - -# IHM URLS -VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/ - -# Cartes de test Stripe -SUCCES='4242 4242 4242 4242' -DECLINED='4000 0025 0000 3155' -CORS_ALLOWED_ORIGINS=https://${DOMAIN} - -core_url=http://bitcoin:38332 -ws_url=0.0.0.0:8090 -wallet_name=default -network=signet -blindbit_url=http://blindbit:8000 -zmq_url=tcp://bitcoin:29000 -storage=https://${DOMAIN}/storage -data_dir=/home/bitcoin/.4nk -bitcoin_data_dir=/home/bitcoin/.bitcoin -bootstrap_url=wss://${BOOTSTRAP_DOMAIN}/ws/ -bootstrap_faucet=true - -# ================== /!\ sensible ========================= - -# Configuration IDNOT -IDNOT_API_KEY=ba557f84-0bf6-4dbf-844f-df2767555e3e -IDNOT_CLIENT_ID=B3CE56353EDB15A9 -IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C -NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9 - -SIGNER_API_KEY=your-api-key-change-this -VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9 - -# Configuration pour réduire les traces Docker -DOCKER_LOG_LEVEL=info -COMPOSE_LOG_LEVEL=WARNING - -# =========================================== -# VARIABLES SDK_SIGNER (manquantes) -# =========================================== -SIGNER_PORT=9090 -SIGNER_DATABASE_PATH=./data/server.db -SIGNER_RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/ -SIGNER_AUTO_RESTART=true -SIGNER_MAX_RESTARTS=3 -SIGNER_LOG_LEVEL=info - 
-# =========================================== -# VARIABLES SDK_RELAY (formatées pour docker-compose) -# =========================================== -SDK_RELAY_CORE_URL=http://bitcoin:38332 -SDK_RELAY_WS_URL=0.0.0.0:8090 -SDK_RELAY_WALLET_NAME=default -SDK_RELAY_NETWORK=signet -SDK_RELAY_ZMQ_URL=tcp://bitcoin:29000 -SDK_RELAY_STORAGE=https://${DOMAIN}/storage -SDK_RELAY_DATA_DIR=/app/.4nk -SDK_RELAY_BITCOIN_DATA_DIR=/app/.bitcoin -SDK_RELAY_BOOTSTRAP_URL=wss://${BOOTSTRAP_DOMAIN}/ws/ -SDK_RELAY_BOOTSTRAP_FAUCET=true -SDK_RELAY_BLINDBIT_URL=http://blindbit-oracle:8000 - -# =========================================== -# VARIABLES IHM_CLIENT (formatées pour docker-compose) -# =========================================== -VITE_API_BASE_URL=https://${DOMAIN}/back/api/v1 -VITE_WS_URL=wss://${DOMAIN}/ws/ -VITE_STORAGE_URL=https://${DOMAIN}/storage -VITE_SIGNER_URL=https://${DOMAIN}/signer - -# =========================================== -# VARIABLES MONITORING -# =========================================== -GRAFANA_ADMIN_USER=admin -GRAFANA_ADMIN_PASSWORD=admin123 -LOKI_URL=http://loki:3100 -PROMTAIL_CONFIG_FILE=/etc/promtail/config.yml +# Back base for state endpoint (dev3) +NEXT_PUBLIC_BACK_BASE=https://dev3.4nkweb.com diff --git a/.env.master.bak_20250922_115628 b/.env.master.bak_20250922162513 similarity index 67% rename from .env.master.bak_20250922_115628 rename to .env.master.bak_20250922162513 index b6a4b61..d3075a4 100644 --- a/.env.master.bak_20250922_115628 +++ b/.env.master.bak_20250922162513 @@ -1,7 +1,8 @@ # DOMAIN DOMAIN=dev4.4nkweb.com BOOTSTRAP_DOMAIN=dev3.4nkweb.com -LOCAL_DOMAIN=local.4nkweb.com +LOCAL_DOMAIN=lecoffreio.4nkweb.com +LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com # GIT GITEA_BASE_URL=git.4nkweb.com 
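Review bot: In `.env.master`, the added `NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client` points the IdNot OAuth callback at a cleartext `http://` local host in a file that sets `NODE_ENV=production`. If this value is really used as the redirect, the authorization code travels unencrypted, so it should be an `https://` URL on the deployed domain or live in a dev-only env file. The new `NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/` also drops the `idnot_idp_v1` suffix the previous value carried, which is worth confirming as intentional. Separately, deleting `GIT_TOKEN`, `IDNOT_API_KEY`, `IDNOT_CLIENT_SECRET` and `VITE_JWT_SECRET_KEY` from this file does not revoke them: they stay in history and in the `.env.master.bak_*` files this commit keeps, so they need rotating and then supplying from a secret store.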
@@ -9,26 +10,14 @@ GIT_TOKEN=8cde80690a5ffd737536d82a1ab16a765d5105df GITEA_OWNER="nicolas.cantu,Omar" GITEA_RUNNER_NAME=debian-runner - -GITEA_OWNER, GITEA_REPO, GITEA_RUNNER_NAME (or pipeline to query) -Mailchimp -MAILCHIMP_API_KEY, MAILCHIMP_SERVER_PREFIX -Stripe -STRIPE_SECRET_KEY -STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID -STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID -STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID -STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID -OVH (if you want a real read-only check) -OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY, OVH_SERVICE_NAME - # Variables d'environnement pour l'application back-end -NODE_OPTIONS=--max-old-space-size=2048 NODE_ENV=production +RUST_LOG=DEBUG +NODE_OPTIONS=--max-old-space-size=2048 # Configuration IDNOT IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire -IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}:3000/authorized-client +IDNOT_REDIRECT_URI=https://${LOCAL_DOMAIN}/authorized-client IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1 IDNOT_API_BASE_URL=https://qual-api.notaires.fr @@ -43,7 +32,7 @@ NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 NEXT_PUBLIC_BACK_API_PROTOCOL=https -NEXT_PUBLIC_BACK_API_HOST=${DOMAIN} +NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_DOMAIN} NEXT_PUBLIC_BACK_API_PORT=443 NEXT_PUBLIC_BACK_API_ROOT_URL=/api NEXT_PUBLIC_BACK_API_VERSION=v1 @@ -69,8 +58,7 @@ VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/ # Cartes de test Stripe SUCCES='4242 4242 4242 4242' DECLINED='4000 0025 0000 3155' -ENABLE_SUBSCRIPTION_STUB=true -CORS_ALLOWED_ORIGINS=http://${LOCAL_DOMAIN}:3000,https://${DOMAIN} +CORS_ALLOWED_ORIGINS=https://${DOMAIN} core_url=http://bitcoin:38332 ws_url=0.0.0.0:8090 
@@ -84,9 +72,6 @@ bitcoin_data_dir=/home/bitcoin/.bitcoin bootstrap_url=wss://${BOOTSTRAP_DOMAIN}/ws/ bootstrap_faucet=true -RUST_LOG=DEBUG, -NODE_OPTIONS=--max-old-space-size=2048 - # ================== /!\ sensible ========================= # Configuration IDNOT @@ -95,33 +80,6 @@ IDNOT_CLIENT_ID=B3CE56353EDB15A9 IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9 - -# Configuration OVH -OVH_APP_KEY=5ab0709bbb65ef26 -OVH_APP_SECRET=de1fac1779d707d263a611a557cd5766 -OVH_CONSUMER_KEY=5fe817829b8a9c780cfa2354f8312ece -OVH_SMS_SERVICE_NAME=sms-tt802880-1 -OVH_APPLICATION_KEY=5ab0709bbb65ef26 -OVH_APPLICATION_SECRET=de1fac1779d707d263a611a557cd5766 -OVH_SERVICE_NAME= - -# Configuration SMS Factor -SMS_FACTOR_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4NzgzNiIsImlhdCI6MTcwMTMzOTY1Mi45NDUzOH0.GNoqLb5MDBWuniNlQjbr1PKolwxGqBZe_tf4IMObvHw - -# Configuration Mailchimp -MAILCHIMP_API_KEY=md-VVfaml-ApIV4nsGgaJKl0A -MAILCHIMP_KEY=3fa54304bc766dfd0b8043a827b28a3a-us17 -MAILCHIMP_LIST_ID=a48d9ad852 - -# Configuration Stripe -STRIPE_SECRET_KEY=sk_test_51OwKmMP5xh1u9BqSeFpqw0Yr15hHtFsh0pvRGaE0VERhlYtvw33ND1qiGA6Dy1DPmmV61B6BqIimlhuv7bwElhjF00PLQwD60n -STRIPE_PUBLISHABLE_KEY= -STRIPE_WEBHOOK_SECRET= -STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=price_1P66fuP5xh1u9BqSHj0O6Uy3 -STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NsRP5xh1u9BqSFgkUDbQY -STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=price_1P66RqP5xh1u9BqSuUzkQNac -STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NpKP5xh1u9BqSApFogvUB - SIGNER_API_KEY=your-api-key-change-this VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9 @@ -130,7 +88,7 @@ DOCKER_LOG_LEVEL=info COMPOSE_LOG_LEVEL=WARNING # =========================================== -# VARIABLES SDK_SIGNER (manquantes) +# VARIABLES(manquantes) # =========================================== SIGNER_PORT=9090 SIGNER_DATABASE_PATH=./data/server.db 
@@ -146,13 +104,14 @@ SDK_RELAY_CORE_URL=http://bitcoin:38332 SDK_RELAY_WS_URL=0.0.0.0:8090 SDK_RELAY_WALLET_NAME=default SDK_RELAY_NETWORK=signet -SDK_RELAY_BLINDBIT_URL=http://blindbit:8000 SDK_RELAY_ZMQ_URL=tcp://bitcoin:29000 SDK_RELAY_STORAGE=https://${DOMAIN}/storage SDK_RELAY_DATA_DIR=/app/.4nk SDK_RELAY_BITCOIN_DATA_DIR=/app/.bitcoin SDK_RELAY_BOOTSTRAP_URL=wss://${BOOTSTRAP_DOMAIN}/ws/ SDK_RELAY_BOOTSTRAP_FAUCET=true +SDK_RELAY_BLINDBIT_URL=http://blindbit-oracle:8000 + # =========================================== # VARIABLES IHM_CLIENT (formatées pour docker-compose) @@ -171,7 +130,9 @@ LOKI_URL=http://loki:3100 PROMTAIL_CONFIG_FILE=/etc/promtail/config.yml # =========================================== -# VARIABLES MANQUANTES POUR DOCKER-COMPOSE +# GRAFANA # =========================================== -# Mailchimp -MAILCHIMP_SERVER_PREFIX=us17 +GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU +GF_USERS_ALLOW_SIGN_UP=false +GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/ +GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource diff --git a/.env.master.bak_20250922_121003 b/.env.master.bak_20250922162546 similarity index 67% rename from .env.master.bak_20250922_121003 rename to .env.master.bak_20250922162546 index 6c398ce..0cc406b 100644 --- a/.env.master.bak_20250922_121003 +++ b/.env.master.bak_20250922162546 @@ -1,7 +1,8 @@ # DOMAIN DOMAIN=dev4.4nkweb.com BOOTSTRAP_DOMAIN=dev3.4nkweb.com -LOCAL_DOMAIN=local.4nkweb.com +LOCAL_DOMAIN=lecoffreio.4nkweb.com +LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com # GIT GITEA_BASE_URL=git.4nkweb.com 
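Review bot: The `# GRAFANA` hunk of `.env.master.bak_20250922162513` adds `GF_SECURITY_ADMIN_PASSWORD` with a literal value, so a new admin credential is committed in plaintext; the last hunk of `.env.master.bak_20250922162546` adds the same line. Both backup files also still show `GIT_TOKEN`, `IDNOT_CLIENT_SECRET` and `VITE_JWT_SECRET_KEY` in their context lines. Timestamped `.bak` copies of an env file should not be tracked: remove them from the repository, add `.env.master.bak_*` to `.gitignore`, and rotate the Grafana password together with the other exposed values. The password can then be injected at deploy time; the Grafana Docker image accepts `GF_SECURITY_ADMIN_PASSWORD__FILE` pointing at a mounted secret.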
@@ -10,12 +11,13 @@ GITEA_OWNER="nicolas.cantu,Omar" GITEA_RUNNER_NAME=debian-runner # Variables d'environnement pour l'application back-end -NODE_OPTIONS=--max-old-space-size=2048 NODE_ENV=production +RUST_LOG=DEBUG +NODE_OPTIONS=--max-old-space-size=2048 # Configuration IDNOT IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire -IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}:3000/authorized-client +IDNOT_REDIRECT_URI=https:///lecoffre/authorized-client IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1 IDNOT_API_BASE_URL=https://qual-api.notaires.fr @@ -30,7 +32,7 @@ NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 NEXT_PUBLIC_BACK_API_PROTOCOL=https -NEXT_PUBLIC_BACK_API_HOST=${DOMAIN} +NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_DOMAIN} NEXT_PUBLIC_BACK_API_PORT=443 NEXT_PUBLIC_BACK_API_ROOT_URL=/api NEXT_PUBLIC_BACK_API_VERSION=v1 @@ -56,8 +58,7 @@ VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/ # Cartes de test Stripe SUCCES='4242 4242 4242 4242' DECLINED='4000 0025 0000 3155' -ENABLE_SUBSCRIPTION_STUB=true -CORS_ALLOWED_ORIGINS=http://${LOCAL_DOMAIN}:3000,https://${DOMAIN} +CORS_ALLOWED_ORIGINS=https://${DOMAIN} core_url=http://bitcoin:38332 ws_url=0.0.0.0:8090 @@ -71,9 +72,6 @@ bitcoin_data_dir=/home/bitcoin/.bitcoin bootstrap_url=wss://${BOOTSTRAP_DOMAIN}/ws/ bootstrap_faucet=true -RUST_LOG=DEBUG, -NODE_OPTIONS=--max-old-space-size=2048 - # ================== /!\ sensible ========================= # Configuration IDNOT 
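Review bot: The new `IDNOT_REDIRECT_URI=https:///lecoffre/authorized-client` in `.env.master.bak_20250922162546` has an empty host, which looks like a `${...}` variable that expanded to nothing when the file was produced; the sibling backup has `https://${LOCAL_DOMAIN}/authorized-client`. If this file is ever restored, the IdNot callback will not match a registered redirect URI. The same hunk adds `RUST_LOG=DEBUG` next to `NODE_ENV=production`; debug-level logging in production can put tokens and request bodies into logs, so `RUST_LOG=info` is the safer default.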
@@ -82,40 +80,6 @@ IDNOT_CLIENT_ID=B3CE56353EDB15A9 IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9 - -# Configuration OVH -OVH_APP_KEY=5ab0709bbb65ef26 -OVH_APP_SECRET=de1fac1779d707d263a611a557cd5766 -OVH_CONSUMER_KEY=5fe817829b8a9c780cfa2354f8312ece -OVH_SMS_SERVICE_NAME=sms-tt802880-1 -OVH_APPLICATION_KEY=5ab0709bbb65ef26 -OVH_APPLICATION_SECRET=de1fac1779d707d263a611a557cd5766 -OVH_SERVICE_NAME=sms-tt802880-1 - -# Configuration SMS Factor -SMS_FACTOR_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4NzgzNiIsImlhdCI6MTcwMTMzOTY1Mi45NDUzOH0.GNoqLb5MDBWuniNlQjbr1PKolwxGqBZe_tf4IMObvHw - -# Configuration Mailchimp -MAILCHIMP_API_KEY=md-VVfaml-ApIV4nsGgaJKl0A -MAILCHIMP_KEY=3fa54304bc766dfd0b8043a827b28a3a-us17 -MAILCHIMP_LIST_ID=a48d9ad852 - -# Configuration Stripe -STRIPE_SECRET_KEY=sk_test_51OwKmMP5xh1u9BqSeFpqw0Yr15hHtFsh0pvRGaE0VERhlYtvw33ND1qiGA6Dy1DPmmV61B6BqIimlhuv7bwElhjF00PLQwD60n -STRIPE_PUBLISHABLE_KEY= -STRIPE_WEBHOOK_SECRET= -STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=price_1P66fuP5xh1u9BqSHj0O6Uy3 -STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NsRP5xh1u9BqSFgkUDbQY -STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=price_1P66RqP5xh1u9BqSuUzkQNac -STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NpKP5xh1u9BqSApFogvUB -STRIPE_price_1QMUuXP5xh1u9BqS26uzbJaF (créateurs) -STRIPE_price_1P9O6BP5xh1u9BqSelP9ZI52 (standard annuel) -STRIPE_price_1P9O68P5xh1u9BqSfNVdM8QL (starter annuel) -STRIPE_price_1P8ziKP5xh1u9BqSgtmZsaqi (starter mensuel - année) -STRIPE_price_1P8ziKP5xh1u9BqS0GajjcpG (starter mensuel - mois) -STRIPE_price_1P8ziGP5xh1u9BqSd2LGZeDd (Standard mensuel - année) -STRIPE_price_1P8ziGP5xh1u9BqSsvKOzk7A (Standard mensuel - mois) - SIGNER_API_KEY=your-api-key-change-this VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9 
@@ -124,7 +88,7 @@ DOCKER_LOG_LEVEL=info COMPOSE_LOG_LEVEL=WARNING # =========================================== -# VARIABLES SDK_SIGNER (manquantes) +# VARIABLES(manquantes) # =========================================== SIGNER_PORT=9090 SIGNER_DATABASE_PATH=./data/server.db @@ -140,13 +104,14 @@ SDK_RELAY_CORE_URL=http://bitcoin:38332 SDK_RELAY_WS_URL=0.0.0.0:8090 SDK_RELAY_WALLET_NAME=default SDK_RELAY_NETWORK=signet -SDK_RELAY_BLINDBIT_URL=http://blindbit:8000 SDK_RELAY_ZMQ_URL=tcp://bitcoin:29000 SDK_RELAY_STORAGE=https://${DOMAIN}/storage SDK_RELAY_DATA_DIR=/app/.4nk SDK_RELAY_BITCOIN_DATA_DIR=/app/.bitcoin SDK_RELAY_BOOTSTRAP_URL=wss://${BOOTSTRAP_DOMAIN}/ws/ SDK_RELAY_BOOTSTRAP_FAUCET=true +SDK_RELAY_BLINDBIT_URL=http://blindbit-oracle:8000 + # =========================================== # VARIABLES IHM_CLIENT (formatées pour docker-compose) @@ -165,7 +130,9 @@ LOKI_URL=http://loki:3100 PROMTAIL_CONFIG_FILE=/etc/promtail/config.yml # =========================================== -# VARIABLES MANQUANTES POUR DOCKER-COMPOSE +# GRAFANA # =========================================== -# Mailchimp -MAILCHIMP_SERVER_PREFIX=us17 +GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU +GF_USERS_ALLOW_SIGN_UP=false +GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/ +GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ae6be3..5f09ca0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,6 @@ ## [1.0.0] ### Version initiale - Configuration Docker Compose complète -- Services : tor, bitcoin, blindbit, sdk_storage, sdk_relay, sdk_signer, ihm_client, lecoffre-front +- Services : tor, bitcoin, blindbit, sdk_storage, sdk_relay, ihm_client, lecoffre-front - Configuration Nginx pour dev4.4nkweb.com - Scripts de démarrage et validation diff --git a/README.md b/README.md index 718b74f..0b94c26 100644 --- a/README.md +++ b/README.md 
@@ -60,7 +60,6 @@ Internet → dev4.4nkweb.com (Nginx) → Services Locaux | `lecoffre-front` | 3004 | ✅ | Interface utilisateur | | `ihm_client` | 3003 | ✅ | Gestion des clés | | `sdk_relay` | 8090-8091 | ✅ | Relay WebSocket | -| `sdk_signer` | 3001 | ✅ | Service de signature | | `sdk_storage` | 8081 | ✅ | Stockage temporaire | | `bitcoin-signet` | - | ✅ | Nœud Bitcoin | | `blindbit-oracle` | 8000 | ✅ | Oracle Bitcoin | @@ -207,7 +206,6 @@ lecoffre_node/ | Projet | Branche | Description | |--------|---------|-------------| | `sdk_relay` | `ext` | Relay des transactions | -| `sdk_signer` | `ext` | Service de signature | | `sdk_storage` | `ext` | Stockage temporaire | | `ihm_client` | `ext` | Interface de gestion | | `lecoffre-front` | `ext` | Frontend LeCoffre | diff --git a/blindbit/Dockerfile b/blindbit/Dockerfile index 3e161ee..4be638c 100644 --- a/blindbit/Dockerfile +++ b/blindbit/Dockerfile @@ -8,3 +8,5 @@ RUN apt-get update && apt-get install -y procps wget curl && \ # Revenir à l'utilisateur par défaut USER root + + diff --git a/conf/grafana/dashboards/lecoffre-overview.json b/conf/grafana/dashboards/lecoffre-overview.json index f00f282..9ecf781 100644 --- a/conf/grafana/dashboards/lecoffre-overview.json +++ b/conf/grafana/dashboards/lecoffre-overview.json @@ -228,18 +228,6 @@ "dedupStrategy": "none", "sortOrder": "Descending" }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "{job=~\"bitcoin|blindbit|sdk_relay|sdk_signer|sdk_storage|lecoffre-front|ihm_client|miner\"} |= \"error\" | logfmt", - "queryType": "", - "refId": "A" - } - ], "title": "Logs d'Erreur - Tous Services", "type": "logs" } diff --git a/conf/grafana/dashboards/sdk-services.json b/conf/grafana/dashboards/sdk-services.json index 8ec6616..112fa6a 100644 --- a/conf/grafana/dashboards/sdk-services.json +++ b/conf/grafana/dashboards/sdk-services.json 
@@ -255,18 +255,6 @@ "mode": "single" } }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "sum(rate({container=\"sdk_signer\"} |= \"signature\" [5m])) by (container)", - "queryType": "", - "refId": "A" - } - ], "title": "Signatures Signer", "type": "timeseries" }, @@ -383,18 +371,6 @@ "textMode": "auto" }, "pluginVersion": "10.0.0", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "count_over_time({container=\"sdk_signer\"} |= \"ERROR\" [1h])", - "queryType": "", - "refId": "A" - } - ], "title": "Erreurs Signer (1h)", "type": "stat" }, @@ -616,4 +592,3 @@ "version": 1, "weekStart": "" } - diff --git a/conf/grafana/dashboards/services-overview.json b/conf/grafana/dashboards/services-overview.json index 89c910e..b27238f 100644 --- a/conf/grafana/dashboards/services-overview.json +++ b/conf/grafana/dashboards/services-overview.json @@ -394,18 +394,6 @@ "dedupStrategy": "none", "sortOrder": "Descending" }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "loki" - }, - "editorMode": "code", - "expr": "{job=~\"lecoffre-front|ihm_client|sdk_relay|sdk_signer|sdk_storage\"} |= \"error\" | logfmt", - "queryType": "", - "refId": "A" - } - ], "title": "Logs d'Erreur - Services Applications", "type": "logs" } diff --git a/conf/logrotate/lecoffre-back.conf b/conf/logrotate/lecoffre-back.conf deleted file mode 100644 index b744243..0000000 --- a/conf/logrotate/lecoffre-back.conf +++ /dev/null @@ -1,3 +0,0 @@ -logs/lecoffre-back/*.log { - -} diff --git a/conf/logrotate/sdk_signer.conf b/conf/logrotate/sdk_signer.conf deleted file mode 100644 index 05c390a..0000000 --- a/conf/logrotate/sdk_signer.conf +++ /dev/null 
@@ -1,13 +0,0 @@ -logs/sdk_signer/*.log { - daily - missingok - rotate 7 - compress - delaycompress - notifempty - create 644 root root - postrotate - # Redémarrer le service si nécessaire - docker restart sdk_signer 2>/dev/null || true - endscript -} diff --git a/conf/monitoring.conf b/conf/monitoring.conf index 9af9c41..b478228 100644 --- a/conf/monitoring.conf +++ b/conf/monitoring.conf @@ -21,7 +21,7 @@ log_compression=true [services] # Services surveillés -services=bitcoin,blindbit,sdk_relay,sdk_signer,sdk_storagelecoffre-front,ihm_client,tor,miner +services=bitcoin,blindbit,sdk_relay,,sdk_storagelecoffre-front,ihm_client,tor,miner [alerts] # Configuration des alertes diff --git a/conf/nginx/dev4.4nkweb.com-https.conf b/conf/nginx/dev4.4nkweb.com-https.conf index b1cdd25..a49d32c 100644 --- a/conf/nginx/dev4.4nkweb.com-https.conf +++ b/conf/nginx/dev4.4nkweb.com-https.conf 
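Review bot: In `conf/monitoring.conf` the new `services=` value leaves an empty entry (`sdk_relay,,sdk_storage…`) where `sdk_signer` was removed, and `sdk_storagelecoffre-front` is still missing its comma. Depending on how the list is parsed, monitoring may look for a blank service and a non-existent `sdk_storagelecoffre-front` while never watching `sdk_storage` or `lecoffre-front`. Suggested line: `services=bitcoin,blindbit,sdk_relay,sdk_storage,lecoffre-front,ihm_client,tor,miner`.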
@@ -134,35 +134,14 @@ server { proxy_buffering off; } - # API direct - route /api/ vers le backend - # Autorisations CORS dynamiques pour origines connues - set $cors_origin ""; - if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { - set $cors_origin $http_origin; - } - + # API direct - route /api/ vers le backend (dev3) location /api/ { - # CORS pour développement local Next.js - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Allow-Methods; - - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - return 204; - } - - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - - proxy_pass http://localhost:8080/api/; - include /etc/nginx/proxy_params; + proxy_pass http://31.33.24.235:8080/api/; + proxy_set_header Host dev3.4nkweb.com; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_redirect off; proxy_read_timeout 300; proxy_connect_timeout 300; proxy_send_timeout 300; 
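Review bot: The rewritten `location /api/` forwards to `http://31.33.24.235:8080/api/`, so TLS ends on dev4 and every API request, including `Authorization` headers and session ids, crosses to what appears to be a public address in cleartext; the `/api/v1/funds/` block in the next hunk does the same. Prefer `proxy_pass https://dev3.4nkweb.com/api/;` with `proxy_ssl_server_name on;` and `proxy_ssl_verify on;` (plus a trusted CA bundle), or keep the hop on a private network or tunnel rather than a hard-coded IP. Port 8080 on that host should also accept connections from dev4 only, otherwise the `X-Real-IP` and `X-Forwarded-For` values set here can be forged by clients reaching the backend directly. The hunk also drops the `proxy_hide_header Access-Control-*` lines and the origin allow-list, so whatever CORS headers the dev3 backend emits now reach browsers unfiltered; confirm that the backend restricts origins itself.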
@@ -185,10 +164,14 @@ server { proxy_read_timeout 86400; } - # API de transfert de fonds + # API de transfert de fonds (dev3) location /api/v1/funds/ { - proxy_pass http://localhost:8080/api/v1/funds/; - include /etc/nginx/proxy_params; + proxy_pass http://31.33.24.235:8080/api/v1/funds/; + proxy_set_header Host dev3.4nkweb.com; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_redirect off; proxy_read_timeout 300; proxy_connect_timeout 300; proxy_send_timeout 300; @@ -206,16 +189,6 @@ server { include /etc/nginx/proxy_params; } - # signer (sdk_signer) avec support WebSocket - location /signer/ { - proxy_pass http://localhost:3001/; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } - # lecoffre-front - Application LeCoffre # Forcer le trailing slash pour éviter les redirections et erreurs 500 côté Next.js location = /lecoffre { diff --git a/conf/nginx/dev4.4nkweb.com.conf b/conf/nginx/dev4.4nkweb.com.conf index 0b0a67e..bbe69c4 100644 --- a/conf/nginx/dev4.4nkweb.com.conf +++ b/conf/nginx/dev4.4nkweb.com.conf @@ -255,14 +255,4 @@ server { include /etc/nginx/proxy_params; } - # signer (sdk_signer) avec support WebSocket - location /signer/ { - proxy_pass http://localhost:3001/; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } - } diff --git a/conf/nginx/local.4nkweb.com-3000.conf b/conf/nginx/local.4nkweb.com-3000.conf deleted file mode 100644 index ec8196f..0000000 --- a/conf/nginx/local.4nkweb.com-3000.conf +++ /dev/null 
@@ -1,64 +0,0 @@
-server {
- listen 0.0.0.0:3000;
- listen [::]:3000;
- server_name dev3.4nkweb.com;
-
- # HTTP pur: pas de HTTPS ni HSTS
-
- # Favicon
- location = /favicon.ico {
- root /home/debian/lecoffre_node/conf/nginx/assets;
- }
-
- # Compat: callback ID.not sans basePath (toutes variantes et querystring)
- location /authorized-client {
- proxy_pass http://127.0.0.2:3004/lecoffre/authorized-client;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_set_header X-Forwarded-Prefix /lecoffre;
- proxy_read_timeout 300;
- }
-
- # Entrée sans slash
- location = /lecoffre {
- proxy_pass http://127.0.0.2:3004;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_set_header X-Forwarded-Prefix /lecoffre;
- proxy_read_timeout 300;
- }
-
- # BasePath /lecoffre
- location /lecoffre/ {
- proxy_pass http://127.0.0.2:3004;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_set_header X-Forwarded-Prefix /lecoffre;
- proxy_read_timeout 300;
- }
-
- # HMR (si utilisé en local)
- location /lecoffre/_next/webpack-hmr {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_buffering off;
- proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
- proxy_read_timeout 600s;
- }
-
- # Assets Next.js
- location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
- expires 7d;
- add_header Cache-Control "public, max-age=604800, immutable" always;
- proxy_pass http://127.0.0.2:3004$request_uri;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_read_timeout 300;
- }
-}
diff --git a/conf/nginx/local.4nkweb.com.conf b/conf/nginx/local.4nkweb.com.conf
deleted file mode 100644
index fb6b90b..0000000
--- a/conf/nginx/local.4nkweb.com.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-server {
- listen 80;
- server_name local.4nkweb.com;
-
- # HTTP only: pas de redirection HTTPS, pas d'HSTS
- location / {
- return 302 http://local.4nkweb.com:3000$request_uri;
- }
-}
diff --git a/conf/nginx/local.lecoffreio.4nkweb-3000.conf b/conf/nginx/local.lecoffreio.4nkweb-3000.conf
deleted file mode 100644
index ac33f36..0000000
--- a/conf/nginx/local.lecoffreio.4nkweb-3000.conf
+++ /dev/null
@@ -1,55 +0,0 @@
-server {
- listen 0.0.0.0:3000;
- listen [::]:3000;
- server_name local.lecoffreio.4nkweb;
-
- # Ne jamais forcer HTTPS ni HSTS sur ce vhost local
- # Pas de return 301, pas de add_header HSTS
-
- # Favicon local par défaut
- location = /favicon.ico {
- root /home/debian/lecoffre_node/conf/nginx/assets;
- }
-
- # Entrée sans slash pour éviter les boucles
- location = /lecoffre {
- proxy_pass http://127.0.0.2:3004;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_set_header X-Forwarded-Prefix /lecoffre;
- proxy_read_timeout 300;
- }
-
- # Sous-chemin Next.js (préserve le prefix)
- location /lecoffre/ {
- proxy_pass http://127.0.0.2:3004;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_set_header X-Forwarded-Prefix /lecoffre;
- proxy_read_timeout 300;
- }
-
- # HMR en dev (si jamais on l’utilise en local HTTP)
- location /lecoffre/_next/webpack-hmr {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_buffering off;
- proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
- proxy_read_timeout 600s;
- }
-
- # Assets Next.js / cache léger côté proxy
- location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
- expires 7d;
- add_header Cache-Control "public, max-age=604800, immutable" always;
- proxy_pass http://127.0.0.2:3004$request_uri;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_read_timeout 300;
- }
-}
diff --git a/conf/nginx/local.lecoffreio.4nkweb.conf b/conf/nginx/local.lecoffreio.4nkweb.conf
deleted file mode 100644
index 996144d..0000000
--- a/conf/nginx/local.lecoffreio.4nkweb.conf
+++ /dev/null
@@ -1,48 +0,0 @@ -server { - listen 80; - server_name local.lecoffreio.4nkweb; - - # HTTP pur: pas de redirection vers HTTPS, pas d'HSTS - - location = /favicon.ico { - root /home/debian/lecoffre_node/conf/nginx/assets; - } - - location = /lecoffre { - proxy_pass http://127.0.0.2:3004; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_set_header X-Forwarded-Prefix /lecoffre; - proxy_read_timeout 300; - } - - location /lecoffre/ { - proxy_pass http://127.0.0.2:3004; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_set_header X-Forwarded-Prefix /lecoffre; - proxy_read_timeout 300; - } - - location /lecoffre/_next/webpack-hmr { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_buffering off; - proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; - proxy_read_timeout 600s; - } - - location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ { - expires 7d; - add_header Cache-Control "public, max-age=604800, immutable" always; - proxy_pass http://127.0.0.2:3004$request_uri; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_read_timeout 300; - } -} diff --git a/conf/nginx/nginx.conf b/conf/nginx/nginx.conf index 3663467..7376ee0 100644 --- a/conf/nginx/nginx.conf +++ b/conf/nginx/nginx.conf @@ -51,10 +51,6 @@ http { limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s; # Upstream servers - upstream lecoffre_backend { - server localhost:8080; - keepalive 32; - } upstream lecoffre_frontend { server localhost:3004; @@ -86,11 +82,6 @@ http { keepalive 32; } - upstream sdk_signer { - server localhost:3001; - keepalive 32; - } - upstream blindbit { server localhost:8000; keepalive 32; 
@@ -296,19 +287,6 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - # signer (sdk_signer) avec support WebSocket - location /signer/ { - proxy_pass http://sdk_signer/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } - # LeCoffre Front - Application principale location /lecoffre/ { proxy_pass http://lecoffre_frontend/; @@ -341,31 +319,6 @@ http { proxy_read_timeout 300; } } - - # Serveur pour redirections externes IdNot (port 3000) - server { - listen 3000 default_server; - listen [::]:3000 default_server; - server_name dev3.4nkweb.com; - - # Headers de sécurité - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header Referrer-Policy "strict-origin-when-cross-origin" always; - - # Page de statut des services - location /status/ { - alias /var/www/lecoffre/status/; - index index.html; - try_files $uri $uri/ /status/index.html; - - location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { - expires 1h; - add_header Cache-Control "public, immutable"; - } - } - # API de statut des services location /status/api { limit_req zone=api burst=20 nodelay; diff --git a/conf/promtail/promtail.yml b/conf/promtail/promtail.yml index 5fe99c5..f360651 100644 --- a/conf/promtail/promtail.yml +++ b/conf/promtail/promtail.yml @@ -39,16 +39,6 @@ scrape_configs: service: sdk_relay __path__: /var/log/lecoffre/sdk_relay/*.log - # SDK Signer Logs - - job_name: sdk_signer - static_configs: - - targets: - - localhost - labels: - job: sdk_signer - service: sdk_signer - __path__: /var/log/lecoffre/sdk_signer/*.log - # SDK Storage Logs - job_name: sdk_storage static_configs: 
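Review bot: In the last nginx.conf hunk (`@@ -341,31 +319,6 @@`) the `server {` opener for port 3000 is removed, but the `location /status/api {` block that lived inside it stays as context, directly after the closing braces of the previous server. The four nginx.conf hunks account for all 47 deletions in the diffstat, so nothing else removes that location or the old server's closing `}`, and `nginx -t` will most likely fail with "location directive is not allowed here". Either delete the remaining `/status/api` location and the stray closing brace too, or move the location into the server block that should keep serving it. The rest of that block lies outside the hunk, so confirm against the full file.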
diff --git a/docker-compose.yml.backup b/docker-compose.yml.backup
deleted file mode 100644
index 0442dae..0000000
--- a/docker-compose.yml.backup
+++ /dev/null
@@ -1,403 +0,0 @@ -services: - tor: - image: btcpayserver/tor:0.4.8.10 - container_name: tor-proxy - volumes: - - ./logs/tor:/var/log/tor - networks: - btcnet: - aliases: - - tor - healthcheck: - test: ["CMD", "sh", "-c", "if test -f /var/log/tor/tor.log && test -s /var/log/tor/tor.log; then echo 'Tor ready: SOCKS proxy listening on port 9050'; exit 0; else echo 'Tor starting: SOCKS proxy not yet ready'; exit 1; fi"] - interval: 10s - timeout: 5s - retries: 50 - restart: unless-stopped - - bitcoin: - image: git.4nkweb.com/4nk/bitcoin:latest - container_name: bitcoin-signet - depends_on: - tor: - condition: service_healthy - volumes: - - bitcoin_data:/home/bitcoin/.bitcoin - - ./conf/bitcoin/bitcoin.conf:/etc/bitcoin/bitcoin.conf:ro - - ./logs/bitcoin:/var/log/bitcoin - networks: - btcnet: - aliases: - - bitcoin - user: root - entrypoint: > - /bin/sh -c " - chown -R bitcoin:bitcoin /home/bitcoin/.bitcoin || echo 'warn: chown partiel (fichiers bind-mount Windows)'; - exec su-exec bitcoin bitcoind -conf=/etc/bitcoin/bitcoin.conf -signet" - healthcheck: - test: ["CMD", "sh", "-c", "if bitcoin-cli -conf=/etc/bitcoin/bitcoin.conf getblockchaininfo > /dev/null 2>&1; then echo 'Bitcoin ready: RPC responding'; exit 0; else echo 'Bitcoin starting: RPC not ready'; exit 1; fi"] - interval: 30s - timeout: 10s - retries: 50 - restart: unless-stopped - - blindbit: - image: git.4nkweb.com/4nk/blindbit-oracle:dev - container_name: blindbit-oracle - depends_on: - bitcoin: - condition: service_healthy - volumes: - - blindbit_data:/root/.blindbit-oracle - - ./blindbit/blindbit.toml:/tmp/blindbit.toml:ro - - bitcoin_data:/home/bitcoin/.bitcoin - - ./logs/blindbit:/var/log/blindbit - entrypoint: > - sh -c "cp /tmp/blindbit.toml /root/.blindbit-oracle/blindbit.toml && - ./main -datadir /root/.blindbit-oracle" - networks: - btcnet: - aliases: - - blindbit - ports: - - "0.0.0.0:8000:8000" - healthcheck: - test: ["CMD", "sh", "-c", "if wget -q --spider http://localhost:8000/tweaks/1; then 
echo 'BlindBit ready: Oracle service responding'; exit 0; else echo 'BlindBit starting: Oracle service not yet ready'; exit 1; fi"] - interval: 15s - timeout: 5s - retries: 50 - restart: unless-stopped - - sdk_relay: - image: git.4nkweb.com/4nk/sdk_relay:ext - container_name: sdk_relay - depends_on: - blindbit: - condition: service_healthy - volumes: - - ./conf/relay/sdk_relay.conf:/app/.conf:ro - - sdk_data:/app/.4nk - - bitcoin_data:/app/.bitcoin - - ./scripts/funds:/scripts/funds:ro - - ./logs/sdk_relay:/var/log/sdk_relay - ports: - - "0.0.0.0:8090:8090" - - "0.0.0.0:8091:8091" - networks: - btcnet: - aliases: - - sdk_relay - logging: - driver: "json-file" - options: - max-size: "10m" - max-file: "3" - environment: - - HOME=/app - - CORE_URL=${SDK_RELAY_CORE_URL} - - WS_URL=${SDK_RELAY_WS_URL} - - WALLET_NAME=${SDK_RELAY_WALLET_NAME} - - NETWORK=${SDK_RELAY_NETWORK} - - BLINDBIT_URL=${SDK_RELAY_BLINDBIT_URL} - - ZMQ_URL=${SDK_RELAY_ZMQ_URL} - - STORAGE=${SDK_RELAY_STORAGE} - - DATA_DIR=${SDK_RELAY_DATA_DIR} - - BITCOIN_DATA_DIR=${SDK_RELAY_BITCOIN_DATA_DIR} - - BOOTSTRAP_URL=${SDK_RELAY_BOOTSTRAP_URL} - - BOOTSTRAP_FAUCET=${SDK_RELAY_BOOTSTRAP_FAUCET} - - RUST_LOG=INFO - healthcheck: - test: ["CMD", "sh", "-c", "if curl -f http://localhost:8091/ >/dev/null 2>&1; then echo 'SDK Relay ready: WebSocket server responding'; exit 0; else echo 'SDK Relay IBD: Waiting for Bitcoin sync to complete'; exit 1; fi"] - interval: 30s - timeout: 10s - retries: 50 - restart: unless-stopped - - - - lecoffre-front: - image: git.4nkweb.com/4nk/lecoffre-front:ext - container_name: lecoffre-front - working_dir: /leCoffre-front - environment: - - NODE_OPTIONS=${NODE_OPTIONS} - - NODE_ENV=${NODE_ENV} - - NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL} - - NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST} - - NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL} - - NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT} - - 
NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL} - - NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST} - - NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT} - - NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL} - - NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION} - ports: - - "0.0.0.0:3004:3000" - volumes: - - ./logs/lecoffre-front:/var/log/lecoffre-front - networks: - btcnet: - aliases: - - lecoffre-front - depends_on: - lecoffre-back: - condition: service_healthy - ihm_client: - condition: service_healthy - sdk_storage: - condition: service_healthy - sdk_signer: - condition: service_healthy - user: lecoffreuser - command: ["node", "server.js"] - healthcheck: - test: ["CMD", "sh", "-c", "if ps aux | grep -v grep | grep next-server >/dev/null 2>&1; then echo 'LeCoffre Frontend ready: Next.js server running'; exit 0; else echo 'LeCoffre Frontend starting: Next.js server not yet ready'; exit 1; fi"] - interval: 30s - timeout: 10s - retries: 50 - start_period: 30s - labels: - - "com.centurylinklabs.watchtower.enable=true" - restart: unless-stopped - - ihm_client: - image: git.4nkweb.com/4nk/ihm_client:ext - container_name: ihm_client - environment: - - VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY} - - VITE_API_BASE_URL=${VITE_API_BASE_URL} - - VITE_WS_URL=${VITE_WS_URL} - - VITE_STORAGE_URL=${VITE_STORAGE_URL} - - VITE_SIGNER_URL=${VITE_SIGNER_URL} - - VITE_BOOTSTRAPURL=wss://dev4.4nkweb.com/ws/ - ports: - - "0.0.0.0:3003:3003" - volumes: - - ./logs/ihm_client:/var/log/ihm_client - networks: - btcnet: - aliases: - - ihm_client - depends_on: - sdk_relay: - condition: service_healthy - sdk_storage: - condition: service_healthy - sdk_signer: - condition: service_healthy - user: root - command: ["npm", "start"] - healthcheck: - test: ["CMD", "sh", "-c", "if curl -f http://localhost:3003/ >/dev/null 2>&1; then echo 'IHM Client ready: Vite dev server responding'; exit 0; else echo 'IHM Client starting: Vite dev server not yet 
ready'; exit 1; fi"] - interval: 30s - timeout: 10s - retries: 50 - start_period: 30s - labels: - - "com.centurylinklabs.watchtower.enable=true" - restart: unless-stopped - - sdk_signer: - image: git.4nkweb.com/4nk/sdk_signer:ext - container_name: sdk_signer - ports: - - "0.0.0.0:3001:9090" - volumes: - - ./logs/sdk_signer:/var/log/sdk_signer - networks: - btcnet: - aliases: - - sdk_signer - user: appuser - depends_on: - sdk_storage: - condition: service_healthy - command: ["node", "/app/dist/index.js"] - healthcheck: - test: ["CMD", "sh", "-c", "if curl -f http://localhost:9090/ >/dev/null 2>&1; then echo 'SDK Signer ready: WebSocket server responding'; exit 0; else echo 'SDK Signer starting: WebSocket server not yet ready'; exit 1; fi"] - interval: 30s - timeout: 10s - retries: 50 - start_period: 30s - labels: - - "com.centurylinklabs.watchtower.enable=true" - restart: unless-stopped - environment: - - PORT=${SIGNER_PORT} - - API_KEY=${SIGNER_API_KEY} - - DATABASE_PATH=${SIGNER_DATABASE_PATH} - - RELAY_URLS=${SIGNER_RELAY_URLS} - - AUTO_RESTART=${SIGNER_AUTO_RESTART} - - MAX_RESTARTS=${SIGNER_MAX_RESTARTS} - - LOG_LEVEL=${SIGNER_LOG_LEVEL} - - SIGNER_WS_URL=ws://dev3.4nkweb.com:9090 - - SIGNER_BASE_URL=https://dev3.4nkweb.com - - sdk_storage: - image: git.4nkweb.com/4nk/sdk_storage:ext - container_name: sdk_storage - ports: - - "0.0.0.0:8081:8080" - volumes: - - ./logs/sdk_storage:/var/log/sdk_storage - healthcheck: - test: ["CMD", "sh", "-c", "if curl -f http://localhost:8080/health >/dev/null 2>&1; then echo 'SDK Storage ready: API responding'; exit 0; else echo 'SDK Storage starting: API not yet ready'; exit 1; fi"] - interval: 30s - timeout: 10s - retries: 50 - start_period: 30s - networks: - btcnet: - aliases: - - sdk_storage - labels: - - "com.centurylinklabs.watchtower.enable=true" - restart: unless-stopped - - watchtower: - image: containrrr/watchtower - container_name: watchtower - volumes: - - /var/run/docker.sock:/var/run/docker.sock - command: 
--interval 30 --label-enable - networks: - - btcnet - restart: unless-stopped - - signet_miner: - build: - context: ./miner - container_name: signet_miner - depends_on: - bitcoin: - condition: service_healthy - env_file: - - ./miner/.env - volumes: - - bitcoin_data:/bitcoin:ro - - ./logs/miner:/var/log/miner - networks: - btcnet: - aliases: - - signet_miner - profiles: ["miner"] - restart: unless-stopped - - grafana: - image: grafana/grafana:latest - container_name: grafana - ports: - - "0.0.0.0:3005:3000" - volumes: - - grafana_data:/var/lib/grafana - - ./conf/grafana/provisioning:/etc/grafana/provisioning - - ./conf/grafana/dashboards:/var/lib/grafana/dashboards - - ./conf/grafana/grafana.ini:/etc/grafana/grafana.ini:ro - - ./logs:/var/log/lecoffre:ro - environment: - - GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU - - GF_USERS_ALLOW_SIGN_UP=false - - GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/ - - GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource - networks: - btcnet: - aliases: - - grafana - depends_on: - loki: - condition: service_healthy - promtail: - condition: service_healthy - healthcheck: - test: ["CMD", "sh", "-c", "if curl -f http://localhost:3000/api/health >/dev/null 2>&1; then echo 'Grafana ready: Dashboard service responding'; exit 0; else echo 'Grafana starting: Dashboard service not yet ready'; exit 1; fi"] - interval: 30s - timeout: 10s - retries: 50 - start_period: 60s - labels: - - "com.centurylinklabs.watchtower.enable=true" - restart: unless-stopped - - loki: - image: grafana/loki:latest - container_name: loki - ports: - - "0.0.0.0:3100:3100" - volumes: - - loki_data:/loki - - ./conf/loki/loki-config.yaml:/etc/loki/loki-config.yaml:ro - command: -config.file=/etc/loki/loki-config.yaml - networks: - btcnet: - aliases: - - loki - healthcheck: - test: ["CMD", "wget", "-q", "--spider", "http://localhost:3100/ready"] - interval: 30s - timeout: 15s - retries: 50 - start_period: 120s - restart: 
unless-stopped - - promtail: - image: promtail-custom:ext - container_name: promtail - volumes: - - ./logs:/var/log/lecoffre:ro - - ./conf/promtail/promtail.yml:/etc/promtail/config.yml:ro - - /var/run/docker.sock:/var/run/docker.sock - command: -config.file=/etc/promtail/config.yml - networks: - btcnet: - aliases: - - promtail - depends_on: - loki: - condition: service_healthy - healthcheck: - test: ["CMD", "sh", "-c", "if [ -f /tmp/positions.yaml ]; then echo 'Promtail ready: Log collection service responding'; exit 0; else echo 'Promtail starting: Log collection service not yet ready'; exit 1; fi"] - interval: 30s - timeout: 10s - retries: 50 - start_period: 30s - restart: unless-stopped - - # Service de statut des services - status-api: - build: - context: ./web/status - dockerfile: Dockerfile.python - container_name: status-api - ports: - - "0.0.0.0:3006:3006" - volumes: - - ./web/status/api.py:/app/api.py:ro - networks: - btcnet: - aliases: - - status-api - healthcheck: - test: ["CMD", "sh", "-c", "if curl -f http://localhost:3006/api >/dev/null 2>&1; then echo 'Status API ready: Service monitoring API responding'; exit 0; else echo 'Status API starting: Service monitoring API not yet ready'; exit 1; fi"] - interval: 30s - timeout: 10s - retries: 50 - start_period: 30s - labels: - - "com.centurylinklabs.watchtower.enable=true" - restart: unless-stopped - -volumes: - bitcoin_data: - name: 4nk_node_bitcoin_data - blindbit_data: - sdk_data: - grafana_data: - loki_data: - -networks: - btcnet: - name: 4nk_node_btcnet - driver: bridge - ipam: - config: - - subnet: 172.20.0.0/16 diff --git a/scripts/README.md b/scripts/README.md index 30d9969..5c78bd4 100644 --- a/scripts/README.md +++ b/scripts/README.md 
@@ -195,7 +195,6 @@ Les données sont persistées dans les volumes Docker suivants : - `4nk_node_bitcoin_data` : Données Bitcoin Signet - `4nk_node_blindbit_data` : Données BlindBit Oracle - `4nk_node_sdk_data` : Données SDK Relay -- `4nk_node_sdk_signer_data` : Données SDK Signer - `4nk_node_sdk_storage_data` : Données SDK Storage - `4nk_node_grafana_data` : Données Grafana - `4nk_node_loki_data` : Données Loki diff --git a/scripts/backup-data.sh b/scripts/backup-data.sh index caf22f8..f2724d6 100755 --- a/scripts/backup-data.sh +++ b/scripts/backup-data.sh @@ -14,6 +14,8 @@ NC='\033[0m' # No Color BACKUP_DIR="./backups" TIMESTAMP=$(date +%Y%m%d_%H%M%S) BACKUP_NAME="lecoffre_backup_${TIMESTAMP}" +HOST_UID=$(id -u) +HOST_GID=$(id -g) echo -e "${BLUE}========================================${NC}" echo -e "${BLUE} LeCoffre Node - Data Backup${NC}" @@ -35,10 +37,11 @@ backup_volume() { if docker volume inspect "$volume_name" >/dev/null 2>&1; then docker run --rm \ + -e HOST_UID="$HOST_UID" -e HOST_GID="$HOST_GID" \ -v "$volume_name":/source:ro \ -v "$(pwd)/$BACKUP_DIR/$BACKUP_NAME":/backup \ alpine:latest \ - sh -c "mkdir -p /backup$backup_path && cp -r /source/* /backup$backup_path/ 2>/dev/null || true && chmod -R 755 /backup$backup_path 2>/dev/null || true" + sh -c "mkdir -p /backup$backup_path && cp -r /source/* /backup$backup_path/ 2>/dev/null || true && chmod -R 755 /backup$backup_path 2>/dev/null || true && chown -R \$HOST_UID:\$HOST_GID /backup$backup_path 2>/dev/null || true" echo -e "${GREEN}✓ $description backed up${NC}" else echo -e "${YELLOW}⚠ Volume $volume_name not found${NC}" 
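Review bot: The copy command in `backup_volume` (scripts/backup-data.sh, hunk `@@ -35,10 +37,11 @@`) still ends with `chmod -R 755`, which leaves every backed-up file readable by all local users; going by the volume descriptions, that presumably includes wallet and Grafana data. Now that the files are chowned to the calling user, owner-only permissions are enough: `chmod -R u=rwX,go= /backup$backup_path`. The whole chain also runs under `2>/dev/null || true`, so the `✓ ... backed up` message is printed even when `cp` copied nothing; let the `docker run` exit status decide which message is shown. `backup_volume` starts before and ends after this hunk.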
@@ -52,7 +55,6 @@ mkdir -p "$BACKUP_DIR/$BACKUP_NAME" backup_volume "4nk_node_bitcoin_data" "/bitcoin" "Bitcoin Signet Data" backup_volume "4nk_node_blindbit_data" "/blindbit" "BlindBit Oracle Data" backup_volume "4nk_node_sdk_data" "/sdk" "SDK Relay Data" -backup_volume "4nk_node_sdk_signer_data" "/sdk_signer" "SDK Signer Data" backup_volume "4nk_node_sdk_storage_data" "/sdk_storage" "SDK Storage Data" backup_volume "4nk_node_grafana_data" "/grafana" "Grafana Data" backup_volume "4nk_node_loki_data" "/loki" "Loki Data" @@ -60,11 +62,8 @@ backup_volume "4nk_node_loki_data" "/loki" "Loki Data" # Créer une archive compressée echo -e "${BLUE}Creating compressed archive...${NC}" cd "$BACKUP_DIR" -tar -czf "${BACKUP_NAME}.tar.gz" "$BACKUP_NAME" 2>/dev/null || { - echo -e "${YELLOW}Warning: Some files could not be archived due to permissions${NC}" - tar -czf "${BACKUP_NAME}.tar.gz" "$BACKUP_NAME" --ignore-failed-read 2>/dev/null || true -} -rm -rf "$BACKUP_NAME" +tar -czf "${BACKUP_NAME}.tar.gz" "$BACKUP_NAME" --ignore-failed-read 2>/dev/null || true +rm -rf "$BACKUP_NAME" || sudo rm -rf "$BACKUP_NAME" || true cd .. # Afficher les informations de sauvegarde diff --git a/scripts/build-project.sh b/scripts/build-project.sh index deb824b..9f389c1 100755 --- a/scripts/build-project.sh +++ b/scripts/build-project.sh @@ -7,7 +7,6 @@ # - bitcoin: Bitcoin Signet # - blindbit: BlindBit Oracle # - sdk_relay: SDK Relay -# - sdk_signer: SDK Signer # - sdk_storage: SDK Storage # - lecoffre-front: LeCoffre Frontend # - ihm_client: IHM Client @@ -47,7 +46,6 @@ if [[ $# -lt 1 ]]; then echo " - lecoffre-front" echo " - sdk_relay" echo " - sdk_storage" - echo " - sdk_signer" echo "" echo "Exemples:" echo " $0 ihm_client" diff --git a/scripts/collect-logs.sh b/scripts/collect-logs.sh index f8569ca..60ec145 100755 --- a/scripts/collect-logs.sh +++ b/scripts/collect-logs.sh 
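Review bot: In hunk `@@ -60,11 +62,8 @@` of scripts/backup-data.sh the archive step is now `tar ... 2>/dev/null || true` and the staging directory is removed unconditionally on the next line, so a failed tar (full disk, unreadable directory) deletes the only copy while the script carries on as if a backup existed. Tie the cleanup to the archive result, `tar -czf "${BACKUP_NAME}.tar.gz" "$BACKUP_NAME" --ignore-failed-read && rm -rf "$BACKUP_NAME"`, and print a warning and exit non-zero when tar fails. The `sudo rm -rf` fallback should not be needed once the files are chowned to the caller, and it can block on a password prompt in unattended runs.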
@@ -29,7 +29,6 @@ else "bitcoin-signet:bitcoin" "blindbit-oracle:blindbit" "sdk_relay:sdk_relay" - "sdk_signer:sdk_signer" "sdk_storage:sdk_storage" "lecoffre-back:lecoffre-back" "lecoffre-front:lecoffre-front" diff --git a/scripts/deploy-grafana.sh b/scripts/deploy-grafana.sh index 0d3294c..a03a9ac 100755 --- a/scripts/deploy-grafana.sh +++ b/scripts/deploy-grafana.sh @@ -74,7 +74,7 @@ start_monitoring() { check_config # Créer les dossiers nécessaires - mkdir -p logs/{bitcoin,blindbit,sdk_relay,sdk_signer,sdk_storagelecoffre-front,ihm_client,tor,miner,nginx} + mkdir -p logs/{bitcoin,blindbit,sdk_relaysdk_storagelecoffre-front,ihm_client,tor,miner,nginx} # Démarrer les services de monitoring log_info "Démarrage de Loki..." diff --git a/scripts/healthchecks/sdk-signer-progress.sh b/scripts/healthchecks/sdk-signer-progress.sh index 403185f..d9cc2f9 100755 --- a/scripts/healthchecks/sdk-signer-progress.sh +++ b/scripts/healthchecks/sdk-signer-progress.sh @@ -2,21 +2,3 @@ # Healthcheck for SDK Signer # Prefer checking the HTTP endpoint first; fall back to log-based progress hints - -# 1) If HTTP endpoint responds with an acceptable status, we're healthy -HTTP_CODE=$(curl -s -o /dev/null -w '%{http_code}' http://localhost:9090/ 2>/dev/null || echo "000") -if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "101" ] || [ "$HTTP_CODE" = "426" ]; then - echo "SDK Signer ready: HTTP $HTTP_CODE" - exit 0 -fi - -# 2) If not yet responding, try to surface a recent meaningful log line -signer_logs=$(tail -20 /var/log/sdk_signer/sdk_signer.log 2>/dev/null | grep -E "(Disconnected|reconnect|error|connected|waiting|connecting|handshake|Initialized|Background sync)" | tail -1 || true) -if [ -n "$signer_logs" ]; then - echo "SDK Signer conn: $signer_logs" - exit 1 -fi - -# 3) Default: still starting up -echo 'SDK Signer starting: WebSocket server initializing' -exit 1 diff --git a/scripts/restore-data.sh b/scripts/restore-data.sh index 1da31c5..f75212c 100755 
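Review bot: Removing `sdk_signer` from the brace list in `start_monitoring` (scripts/deploy-grafana.sh) also took out the comma after `sdk_relay`, leaving `sdk_relaysdk_storagelecoffre-front` as a single element (the comma before `lecoffre-front` was already missing on the old side), so `logs/sdk_relay` is no longer created and `logs/sdk_storage` and `logs/lecoffre-front` still are not. The line should read `mkdir -p logs/{bitcoin,blindbit,sdk_relay,sdk_storage,lecoffre-front,ihm_client,tor,miner,nginx}`. The same fused name appears in the later hunks of scripts/setup-logs.sh (the `mkdir` and three `for service in` lists), scripts/sync-monitoring-config.sh (`mkdir`, the `for` loop and `services=`) and scripts/test-dashboards.sh (`"sdk_relay""sdk_storage"`, which bash concatenates into one word). Until these are fixed, log files, logrotate configs and log checks for the relay and storage services are skipped, which leaves a gap in log collection. `start_monitoring` begins and ends outside the hunk.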
--- a/scripts/restore-data.sh +++ b/scripts/restore-data.sh @@ -81,7 +81,6 @@ restore_volume() { restore_volume "4nk_node_bitcoin_data" "/bitcoin" "Bitcoin Signet Data" restore_volume "4nk_node_blindbit_data" "/blindbit" "BlindBit Oracle Data" restore_volume "4nk_node_sdk_data" "/sdk" "SDK Relay Data" -restore_volume "4nk_node_sdk_signer_data" "/sdk_signer" "SDK Signer Data" restore_volume "4nk_node_sdk_storage_data" "/sdk_storage" "SDK Storage Data" restore_volume "4nk_node_grafana_data" "/grafana" "Grafana Data" restore_volume "4nk_node_loki_data" "/loki" "Loki Data" diff --git a/scripts/setup-logs.sh b/scripts/setup-logs.sh index bbab827..8ef8952 100755 --- a/scripts/setup-logs.sh +++ b/scripts/setup-logs.sh @@ -8,12 +8,12 @@ set -e echo "🔧 Configuration de la centralisation des logs..." # Créer les dossiers de logs -mkdir -p logs/{bitcoin,blindbit,sdk_relay,sdk_signer,sdk_storagelecoffre-front,ihm_client,tor,miner,nginx} +mkdir -p logs/{bitcoin,blindbit,sdk_relaysdk_storagelecoffre-front,ihm_client,tor,miner,nginx} # Créer des fichiers de log de test pour chaque service echo "📝 Création des fichiers de log de test..." -for service in bitcoin blindbit sdk_relay sdk_signer sdk_storage lecoffre-front ihm_client tor miner nginx; do +for service in bitcoin blindbit sdk_relaysdk_storage lecoffre-front ihm_client tor miner nginx; do log_file="logs/${service}/${service}.log" echo "$(date): Test log entry for ${service}" > "$log_file" echo "$(date): Service ${service} started successfully" >> "$log_file" @@ -23,7 +23,7 @@ done # Créer des fichiers de log avec rotation echo "🔄 Configuration de la rotation des logs..." -for service in bitcoin blindbit sdk_relay sdk_signer sdk_storage lecoffre-front ihm_client tor miner nginx; do +for service in bitcoin blindbit sdk_relaysdk_storage lecoffre-front ihm_client tor miner nginx; do logrotate_config="conf/logrotate/${service}.conf" mkdir -p conf/logrotate 
@@ -72,7 +72,7 @@ else # Collecter les logs de tous les services echo "📊 Collecte des logs de tous les services..." - for service in bitcoin-signet blindbit-oracle sdk_relay sdk_signer sdk_storage lecoffre-front ihm_client tor-proxy signet_miner; do + for service in bitcoin-signet blindbit-oracle sdk_relaysdk_storage lecoffre-front ihm_client tor-proxy signet_miner; do if docker ps --format "table {{.Names}}" | grep -q "^${service}$"; then echo "📝 Collecte des logs pour $service..." mkdir -p "$LOG_DIR/${service##*-}" # Enlever le préfixe si nécessaire diff --git a/scripts/start.sh b/scripts/start.sh index 62cd6c7..382327b 100755 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -103,22 +103,6 @@ show_detailed_progress() { echo -e " ${RED}SDK Relay: Not running${NC}" fi - # SDK Signer - if docker ps --format '{{.Names}}' | grep -q "sdk_signer"; then - local ws_response=$(curl -s -o /dev/null -w '%{http_code}' http://localhost:9090/ 2>/dev/null || echo "000") - if [ "$ws_response" = "101" ] || [ "$ws_response" = "426" ]; then - echo -e " ${GREEN}SDK Signer: Ready${NC}" - else - local signer_logs=$(docker logs sdk_signer --tail 5 2>/dev/null | grep -E "(Disconnected|reconnect|error|connected|waiting|connecting)" | tail -1 || echo "") - if [ -n "$signer_logs" ]; then - echo -e " ${YELLOW}SDK Signer Conn: $signer_logs${NC}" - else - echo -e " ${YELLOW}SDK Signer: Starting...${NC}" - fi - fi - else - echo -e " ${RED}SDK Signer: Not running${NC}" - fi # URLs publiques HTTPS echo -e "${CYAN}Public URLs Status:${NC}" @@ -237,7 +221,6 @@ services=( "blindbit:BlindBit Oracle" "sdk_storage:SDK Storage" "sdk_relay:SDK Relay" - "sdk_signer:SDK Signer" "lecoffre-front:LeCoffre Frontend" "ihm_client:IHM Client" "grafana:Grafana" diff --git a/scripts/sync-monitoring-config.sh b/scripts/sync-monitoring-config.sh index e6f7a0d..5060b08 100755 --- a/scripts/sync-monitoring-config.sh +++ b/scripts/sync-monitoring-config.sh 
@@ -28,7 +28,7 @@ log_info "🔄 Synchronisation de la configuration de monitoring..." # Créer la structure de dossiers log_info "Création de la structure de dossiers..." mkdir -p conf/{grafana/{provisioning/{datasources,dashboards},dashboards},promtail,logrotate,nginx} -mkdir -p logs/{bitcoin,blindbit,sdk_relay,sdk_signer,sdk_storagelecoffre-front,ihm_client,tor,miner,nginx} +mkdir -p logs/{bitcoin,blindbit,sdk_relaysdk_storagelecoffre-front,ihm_client,tor,miner,nginx} # Copier la configuration Nginx si elle n'existe pas if [ ! -f "conf/nginx/grafana.conf" ]; then @@ -89,7 +89,7 @@ fi # Créer des fichiers de log de test pour chaque service log_info "Création des fichiers de log de test..." -for service in bitcoin blindbit sdk_relay sdk_signer sdk_storage lecoffre-front ihm_client tor miner nginx; do +for service in bitcoin blindbit sdk_relaysdk_storage lecoffre-front ihm_client tor miner nginx; do log_file="logs/${service}/${service}.log" if [ ! -f "$log_file" ]; then echo "$(date): Test log entry for ${service}" > "$log_file" @@ -156,7 +156,7 @@ log_compression=true [services] # Services surveillés -services=bitcoin,blindbit,sdk_relay,sdk_signer,sdk_storagelecoffre-front,ihm_client,tor,miner +services=bitcoin,blindbit,sdk_relaysdk_storagelecoffre-front,ihm_client,tor,miner [alerts] # Configuration des alertes diff --git a/scripts/test-dashboards.sh b/scripts/test-dashboards.sh index 3d180d1..0341636 100755 --- a/scripts/test-dashboards.sh +++ b/scripts/test-dashboards.sh @@ -70,7 +70,7 @@ test_loki_api() { test_service_logs() { echo "📋 Test des logs des services" - services=("bitcoin-signet" "blindbit-oracle" "sdk_relay" "sdk_signer" "sdk_storage" "lecoffre-front" "ihm_client" "signet_miner") + services=("bitcoin-signet" "blindbit-oracle" "sdk_relay""sdk_storage" "lecoffre-front" "ihm_client" "signet_miner") for service in "${services[@]}"; do echo " 🔍 Test des logs: $service" 
diff --git a/scripts/update-healthchecks.sh b/scripts/update-healthchecks.sh index 17e5fd3..49a3239 100755 --- a/scripts/update-healthchecks.sh +++ b/scripts/update-healthchecks.sh @@ -62,10 +62,5 @@ replace_healthcheck "sdk_relay" \ '["CMD", "sh", "-c", "if curl -f http://localhost:8091/ >/dev/null 2>&1; then echo '\''SDK Relay ready: WebSocket server responding'\''; exit 0; else echo '\''SDK Relay IBD: Waiting for Bitcoin sync to complete'\''; exit 1; fi"]' \ '["CMD", "sh", "-c", "relay_logs=\$(tail -10 /var/log/sdk_relay/sdk_relay.log 2>/dev/null | grep -E \"(IBD|blocks|headers|waiting|scanning)\" | tail -1 || echo \"\"); if [ -n \"\$relay_logs\" ]; then echo \"SDK Relay sync: \$relay_logs\"; exit 1; else if curl -f http://localhost:8091/ >/dev/null 2>&1; then echo '\''SDK Relay ready: WebSocket server responding'\''; exit 0; else echo '\''SDK Relay starting: WebSocket server not yet ready'\''; exit 1; fi; fi"]' -# Mettre à jour SDK Signer -replace_healthcheck "sdk_signer" \ - '["CMD", "sh", "-c", "if curl -f http://localhost:9090/ >/dev/null 2>&1; then echo '\''SDK Signer ready: WebSocket server responding'\''; exit 0; else echo '\''SDK Signer starting: WebSocket server not yet ready'\''; exit 1; fi"]' \ - '["CMD", "sh", "-c", "signer_logs=\$(tail -10 /var/log/sdk_signer/sdk_signer.log 2>/dev/null | grep -E \"(Disconnected|reconnect|error|connected|waiting)\" | tail -1 || echo \"\"); if [ -n \"\$signer_logs\" ]; then echo \"SDK Signer conn: \$signer_logs\"; exit 1; else if curl -f http://localhost:9090/ >/dev/null 2>&1; then echo '\''SDK Signer ready: WebSocket server responding'\''; exit 0; else echo '\''SDK Signer starting: WebSocket server not yet ready'\''; exit 1; fi; fi"]' - echo "Healthchecks mis à jour avec succès!" echo "Sauvegarde créée: $BACKUP_FILE" diff --git a/scripts/validate-deployment.sh b/scripts/validate-deployment.sh index fcb3e4d..92e209e 100755 --- a/scripts/validate-deployment.sh +++ b/scripts/validate-deployment.sh 
@@ -97,7 +97,6 @@ echo -e "${CYAN}=== Volume Validation ===${NC}" check_volume "4nk_node_bitcoin_data" "Bitcoin Signet Data" check_volume "4nk_node_blindbit_data" "BlindBit Oracle Data" check_volume "4nk_node_sdk_data" "SDK Relay Data" -check_volume "4nk_node_sdk_signer_data" "SDK Signer Data" check_volume "4nk_node_sdk_storage_data" "SDK Storage Data" check_volume "4nk_node_grafana_data" "Grafana Data" check_volume "4nk_node_loki_data" "Loki Data" @@ -110,7 +109,6 @@ check_service "bitcoin-signet" "Bitcoin Signet" "" "" check_service "blindbit-oracle" "BlindBit Oracle" "http://localhost:8000/tweaks/1" "200" check_service "sdk_storage" "SDK Storage" "http://localhost:8081/health" "200" check_service "sdk_relay" "SDK Relay" "http://localhost:8091/" "200" -check_service "sdk_signer" "SDK Signer" "http://localhost:3001/" "101,426,200" check_service "lecoffre-front" "LeCoffre Frontend" "http://localhost:3004/lecoffre/" "200,301,302,307,308" check_service "ihm_client" "IHM Client" "http://localhost:3003/" "200" check_service "grafana" "Grafana" "http://localhost:3005/api/health" "200" diff --git a/tests/smoke_dev4.md b/tests/smoke_dev4.md index 79f69e6..e6b005b 100644 --- a/tests/smoke_dev4.md +++ b/tests/smoke_dev4.md @@ -20,10 +20,8 @@ Nginx - Pas derreurs critiques dans error.log Résultats (17/09/2025) -- / → 200 - /lecoffre/ → 404 - /lecoffre/404 → 404 (avec `runtimeConfig` présent et `assetPrefix` = /lecoffre) - /back/ → 200 - /blindbit/ → 200 -- /signer/ → 200 - /storage/ → 404 diff --git a/tests/smoke_local_http.md b/tests/smoke_local_http.md deleted file mode 100644 index ad720b3..0000000 --- a/tests/smoke_local_http.md +++ /dev/null 
@@ -1,14 +0,0 @@ -### Smoke tests - local.lecoffreio.4nkweb (HTTP) - -- **/lecoffre/**: doit répondre 200 (pas de redirection HTTPS) -- **/_next/** et **/lecoffre/_next/**: assets servis, codes 200/304 -- **favicon**: `http://local.lecoffreio.4nkweb:3000/favicon.ico` répond 200 si présent - -Commandes de vérification: - -```bash -curl -I -H "Host: local.lecoffreio.4nkweb" http://127.0.0.1:3000/lecoffre/ -curl -I -H "Host: local.lecoffreio.4nkweb" http://127.0.0.1:3000/lecoffre/_next/static/chunks/main.js -``` - - diff --git a/web/status/api.js b/web/status/api.js index 41009ff..4c06650 100644 --- a/web/status/api.js +++ b/web/status/api.js @@ -21,7 +21,6 @@ const services = [ { name: 'Bitcoin Signet', container: 'bitcoin', port: 8332, protocol: 'RPC' }, { name: 'BlindBit Oracle', container: 'blindbit', port: 8000, protocol: 'HTTP' }, { name: 'SDK Relay', container: 'sdk_relay', port: 8090, protocol: 'WebSocket' }, - { name: 'SDK Signer', container: 'sdk_signer', port: 9090, protocol: 'WebSocket' }, { name: 'SDK Storage', container: 'sdk_storage', port: 8080, protocol: 'HTTP' }, { name: 'LeCoffre Backend', container: 'lecoffre-back', port: 8080, protocol: 'HTTP' }, { name: 'LeCoffre Frontend', container: 'lecoffre-front', port: 3000, protocol: 'HTTP' }, diff --git a/web/status/api.py b/web/status/api.py index 93fd5c8..76acb17 100644 --- a/web/status/api.py +++ b/web/status/api.py 
@@ -258,7 +258,6 @@ class StatusAPIHandler(BaseHTTPRequestHandler):
 {"name": "Bitcoin Signet", "container": "bitcoin-signet", "protocol": "RPC", "port": 8332, "health": lambda: exec_health("bitcoin-signet", "/scripts/healthchecks/bitcoin-progress.sh")},
 {"name": "BlindBit Oracle", "container": "blindbit-oracle", "protocol": "HTTP", "port": 8000, "health": lambda: exec_health("blindbit-oracle", "/scripts/healthchecks/blindbit-progress.sh")},
 {"name": "SDK Relay", "container": "sdk_relay", "protocol": "WebSocket", "port": 8090, "health": lambda: exec_health("sdk_relay", "/scripts/healthchecks/sdk-relay-progress.sh")},
- {"name": "SDK Signer", "container": "sdk_signer", "protocol": "WebSocket", "port": 9090, "health": lambda: exec_health("sdk_signer", "/scripts/healthchecks/sdk-signer-progress.sh")},
 {"name": "SDK Storage", "container": "sdk_storage", "protocol": "HTTP", "port": 8080, "probe": lambda: http_probe("http://sdk_storage:8080/health")},
 {"name": "LeCoffre Frontend", "container": "lecoffre-front", "protocol": "HTTP", "port": 3000},
 {"name": "IHM Client", "container": "ihm_client", "protocol": "HTTP", "port": 3003},
@@ -552,15 +551,6 @@ class StatusAPIHandler(BaseHTTPRequestHandler):
 # Miner wallet: try default 'miner' else listwallets
 miner_wallet = "miner"
 wallets["Miner Signet"] = btc_wallet_balance(miner_wallet)
- # SDK Signer wallet name from its container env
- signer_env = get_container_env("sdk_signer")
- signer_wallet = signer_env.get("SIGNER_WALLET_NAME") or env_map.get("SIGNER_WALLET_NAME")
- if not signer_wallet:
- # optional conf path example
- signer_conf = get_file_in_container("sdk_signer", "/app/.conf")
- signer_wallet = parse_wallet_name_from_conf(signer_conf)
- if signer_wallet:
- wallets["Signer Bootstrap"] = btc_wallet_balance(signer_wallet)
 relay_bootstrap_wallet = env_map.get("RELAY_BOOTSTRAP_WALLET_NAME")
 if relay_bootstrap_wallet:
 wallets["Relay Bootstrap"] = btc_wallet_balance(relay_bootstrap_wallet)
diff --git a/web/status/working-api.js b/web/status/working-api.js
index d5fba06..abb42a1 100644
--- a/web/status/working-api.js
+++ b/web/status/working-api.js
@@ -18,7 +18,6 @@ app.get('/api', (req, res) => {
 { name: 'Bitcoin Signet', status: 'running', image: 'btcpayserver/bitcoin:27.1', ip: '172.20.0.2', port: '8332', protocol: 'RPC', uptime: '2h 15m', health: 'healthy' },
 { name: 'BlindBit Oracle', status: 'running', image: 'blindbit/oracle:latest', ip: '172.20.0.3', port: '8000', protocol: 'HTTP', uptime: '2h 10m', health: 'healthy' },
 { name: 'SDK Relay', status: 'running', image: 'sdk_relay:ext', ip: '172.20.0.4', port: '8090', protocol: 'WebSocket', uptime: '2h 5m', health: 'healthy' },
- { name: 'SDK Signer', status: 'running', image: 'sdk_signer:ext', ip: '172.20.0.5', port: '9090', protocol: 'WebSocket', uptime: '2h 0m', health: 'healthy' },
 { name: 'SDK Storage', status: 'running', image: 'sdk_storage:ext', ip: '172.20.0.6', port: '8080', protocol: 'HTTP', uptime: '1h 55m', health: 'healthy' },
 { name: 'LeCoffre Frontend', status: 'running', image: 'lecoffre-front:ext', ip: '172.20.0.8', port: '3000', protocol: 'HTTP', uptime: '1h 45m', health: 'healthy' },
 { name: 'IHM Client', status: 'running', image: 'ihm_client:ext', ip: '172.20.0.9', port: '3001', protocol: 'HTTP', uptime: '1h 40m', health: 'healthy' },